Cilium

To use Airlock Microgateway in your Kubernetes cluster with Cilium, follow this guide to deploy the Airlock Microgateway Operator and its resources.

• To use Airlock Microgateway, a valid license is required. Airlock Microgateway is available in a Premium and a free Community edition. To request and configure/change a license, see the article Licensing and license-dependent behavior.
• Cilium has been deployed as described in their documentation (Cilium) Documentation.

1. Depending on which Kubernetes distribution you are using, complete the instructions in the corresponding installation guide:
• For Kubernetes, follow this guide: Kubernetes
• For OpenShift, follow this guide: OpenShift
2. Create the Cilium CNI configuration for CNI chaining based on the following cilium-cni-cm.yaml template.
copy



apiVersion: v1 
kind: ConfigMap 
metadata: 
  name: cni-configuration 
  namespace: kube-system 
data: 
  cni-config: |- 
    { 
      "cniVersion": "0.3.1", 
      "name": "cilium", 
      "plugins": [ 
        { 
          "cniVersion": "0.3.1", 
          "enable-debug": false, 
          "log-file": "/var/run/cilium/cilium-cni.log", 
          "name": "cilium", 
          "type": "cilium-cni" 
        }, 
        { 
          "debug": false, 
          "kubernetes": { 
            "excludeNamespaces": [ 
              "kube-system", 
              "airlock-microgateway-system" 
            ], 
            "kubeconfig": "/etc/cni/net.d/airlock-microgateway-cni-kubeconfig" 
          }, 
          "logFilePath": "/var/log/airlock-microgateway-cni.log", 
          "type": "airlock-microgateway-cni" 
        } 
      ] 
    }

3. Apply the changes.
copy



kubectl apply -f cilium-cni-cm.yaml

4. Configure Cilium to use the CNI configuration. Perform helm upgrade with the following flags
copy



--set cni.customConf=true --set cni.configMap=cni-configuration --reuse-values

5. Test Cilium. Use the Cilium cli tool to verify connectivity.
copy



cilium connectivity test

6. Cilium CNI forwards the traffic and is visible in Hubble and Airlock Microgateway should be up and running.

0. After deploying the Airlock Microgateway Operator in your Kubernetes Cluster, the following steps are required:
1. Configure/change the Airlock Microgateway license. See article Licensing and license-dependent behavior.
2. Annotate the web application Pods to protect as explained in Annotations for Microgateway Engine injection.
3. Create the CustomResources to configure the Airlock Microgateway as outlined in Configuration.

• Internal links:
• Licensing and license-dependent behavior
• Annotations for Microgateway Engine injection
• Configuration

• External links:
• (Cilium) CNI Chaining